diff --git a/autogen/main/README.md b/autogen/main/README.md index 222bd22e14..071e7626d9 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -85,7 +85,6 @@ module "gke" { {% if private_cluster %} enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" {% endif %} {% if beta_cluster and autopilot_cluster != true %} istio = true diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ef4844a028..cc4a14817b 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -146,7 +146,7 @@ locals { {% if private_cluster %} cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block {% else %} cluster_endpoint = google_container_cluster.primary.endpoint cluster_endpoint_for_nodes = "${google_container_cluster.primary.endpoint}/32" diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl index aacaebddbc..86ae7d6210 100644 --- a/autogen/main/outputs.tf.tmpl +++ b/autogen/main/outputs.tf.tmpl 
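Review bot: The new `cluster_endpoint_for_nodes` in the `private_cluster` branch of `locals` indexes `private_cluster_config[0]` with no guard, while the two lines directly above it only touch that list after checking `var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0`. If the list can be empty, as those guards imply, evaluation fails with an invalid-index error where the old `var.master_ipv4_cidr_block` could not. Reuse the same condition, e.g. `cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block : null`, with the fallback chosen to suit whatever consumes this local (not visible here; the `locals` block continues outside the hunk). The `master_ipv4_cidr_block` output in `outputs.tf.tmpl` has the same unguarded index, and both lines recur in the generated `main.tf` and `outputs.tf` files under `modules/`.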
@@ -207,7 +207,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index e133923c56..704915adf8 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -495,12 +495,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - {% if autopilot_cluster == true%} + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null - {% else %} - default = "10.0.0.0/28" - {% endif %} } variable "private_endpoint_subnetwork" { diff --git a/docs/upgrading_to_v35.0.md b/docs/upgrading_to_v35.0.md index bd55288bb4..704c5bc5de 100644 --- a/docs/upgrading_to_v35.0.md +++ b/docs/upgrading_to_v35.0.md @@ -50,3 +50,18 @@ To avoid this, it is possible to edit the remote state of the `random_id` resour 1. Bump the serial number at the top 2. Push the modified state to the remote `terraform state push default.tfstate` 3. Confirm the `random_id` resource(s) no longer changes (or the corresponding `nodepool`) in a `terraform plan` + +### master_ipv4_cidr_block default value +The default value for `master_ipv4_cidr_block` on private standard clusters has been changed from `"10.0.0.0/28"` to `null`. To maintain the previous default behavior, set `master_ipv4_cidr_block` to `"10.0.0.0/28"`. + +``` + module "gke" { + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + version = "~> 35.0" + + project_id = var.project_id + name = var.cluster_name + ++ master_ipv4_cidr_block = "10.0.0.0/28" + } +``` 
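Review bot: The new description on `variable "master_ipv4_cidr_block"` in `variables.tf.tmpl` says only "(Optional)" and no longer tells the reader what a `null` value means, although `null` is now the default for every private variant. Assuming the provider reports the range GKE assigns (the output change in this commit suggests it does), state that in the text, e.g. `description = "(Optional) The IP range in CIDR notation to use for the hosted master network. When null, the range is assigned by GKE and exposed through the master_ipv4_cidr_block output."`. This matters to anyone whose firewall rules or allow-lists hard-code the previous `10.0.0.0/28` default; they should reference the module output instead. The same description is repeated in the generated `variables.tf` files and README input tables under `modules/`.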
diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 3483a1ec87..0f703bfafe 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -49,7 +49,6 @@ module "gke" { enable_private_endpoint = true enable_private_nodes = true enable_secret_manager_addon = true - master_ipv4_cidr_block = "172.16.0.0/28" default_max_pods_per_node = 20 remove_default_node_pool = true deletion_protection = false diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index a875dfbfd3..9f87acf185 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -53,7 +53,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false } 
@@ -129,7 +128,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `null` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index b4a08b336f..e2bd8547a3 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf 
@@ -79,7 +79,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-autopilot-private-cluster/outputs.tf b/modules/beta-autopilot-private-cluster/outputs.tf index aa72f43460..d3e170f087 100644 --- a/modules/beta-autopilot-private-cluster/outputs.tf +++ b/modules/beta-autopilot-private-cluster/outputs.tf @@ -165,7 +165,7 @@ output "tpu_ipv4_cidr_block" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 628b1e89c7..813d42b716 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -279,7 +279,7 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 5d97be4c68..1d0db51249 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
@@ -251,7 +250,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 5f0e25240a..c573681b7b 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
@@ -123,7 +123,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index 47b662f8af..78116b90a5 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index eb66aa8471..8c2e2de46c 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 1077d7fc8a..6d7d6a242e 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
@@ -229,7 +228,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 5f0e25240a..c573681b7b 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -123,7 +123,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index 47b662f8af..78116b90a5 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index eb66aa8471..8c2e2de46c 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 4339bacbb1..d83c076f41 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
@@ -239,7 +238,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index 44ec74167a..dac248be86 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -111,7 +111,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster-update-variant/outputs.tf b/modules/private-cluster-update-variant/outputs.tf index acb3c9da48..48f8afb79a 100644 --- a/modules/private-cluster-update-variant/outputs.tf +++ b/modules/private-cluster-update-variant/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 11f0474b8c..769a67bb4f 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 753b3fd4c4..6da2c08ab2 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
@@ -217,7 +216,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 44ec74167a..dac248be86 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -111,7 +111,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster/outputs.tf b/modules/private-cluster/outputs.tf index acb3c9da48..48f8afb79a 100644 --- a/modules/private-cluster/outputs.tf +++ b/modules/private-cluster/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 11f0474b8c..769a67bb4f 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" {